General
-
Target
PO-PDF_PDF.exe
-
Size
498KB
-
Sample
210118-6wcnc2jrrn
-
MD5
56f2689631039e478d381c489cd9ee01
-
SHA1
619b93e5742153b2c667b55b3c90d33fce0a795e
-
SHA256
ccd9176d26caf90647653816162ea4622ae24e253b7da139fdfacd74a555a8a1
-
SHA512
aaa9b20393a09c3699baf86cbd58f0e056dcd6257dc98196a9064a5339f2ef9d8e57f1e707fffd413be0cc86c603eca053f0ba7847ef280bba3bcc0db90158be
Static task
static1
Behavioral task
behavioral1
Sample
PO-PDF_PDF.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PO-PDF_PDF.exe
Resource
win10v20201028
Malware Config
Extracted
remcos
nkosarevaocs.duckdns.org:7266
Targets
Target
PO-PDF_PDF.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-